0store-secure-add — add an implementation to the system cache
This command imports the current directory into the system-wide shared Zero
Install cache, as /var/cache/0install.net/implementations/DIGEST. This allows
a program downloaded by one user to be shared with other users.
The current directory must contain a file called '.manifest' listing all the
files to be added (in the format required by DIGEST), and this file must have
the given digest. If not, the import is refused. Therefore, it is only
possible to add a directory to the cache if its name matches its contents.
It is intended that it be safe to grant untrusted users permission to call this
command with elevated privileges. To set this up, see below.
To enable sharing, the system administrator should follow these steps:
Create a new system user to own the cache:
adduser --system zeroinst
Create the shared directory, owned by this new user:
chown zeroinst /var/cache/0install.net
Use visudo(8) to add these lines to /etc/sudoers:
ALL ALL=(zeroinst) NOPASSWD: /usr/bin/0store-secure-add
Create a script called 0store-secure-add-helper
in PATH to call it. This
script must be executable and contain these two lines:
exec sudo -S -u zeroinst /usr/bin/0store-secure-add "$@" <
The other Zero Install programs will call this helper script automatically.
- System-wide Zero Install cache.
Copyright (C) 2009 Thomas Leonard.
You may redistribute copies of this program under the terms of the GNU Lesser
General Public License.
This program is EXPERIMENTAL. It has not been audited. Do not use it yet in
The env_reset line in sudoers may not be required. sudo(1) seems to do it
If sudo let us check whether we could call a command then we could switch to
using it automatically, instead of needing to add the helper script.
Currently, sudo delays for one second and writes to auth.log if we try to use
this system when it hasn't been set up.
Please report bugs to the developer mailing list:
Zero Install was created by Thomas Leonard.
The Zero Install web-site: